Flash blocked on Firefox by default due to security issues

“When Mozilla becomes aware of add-ons, plugins, or other third-party software that seriously compromises Firefox security, stability, or performance and meets certain criteria, the software may be blocked from general use,” it added (https://addons.mozilla.org/en-US/firefox/blocked/p946). “This latest wave of anti-Flash action might not kill it immediately, but it should at least mark the beginning of the end for the software,” The Verge said. It said only last week, 400GB of files stolen from spyware company Hacking Team showed hackers attacked a target’s machine using a major vulnerability in Flash.

After yesterday’s news that Facebook’s new chief security officer wants to set a date to kill Flash once and for all, the latest version of Mozilla’s Firefox browser now blocks Adobe’s vulnerability-riddled software as standard.

The legacy websites that are still using Flash, entangled with newer types of coding, are causing security issues for the Web at large, Facebook’s Alex Stamos said. Yet some developers don’t have enough motivation to upgrade their sites because they expect Adobe to support Flash forever, he said. “It is time for Adobe to announce the end-of-life date for Flash,” Stamos said on Twitter. “One set date is the only way to disentangle the dependencies and upgrade the whole ecosystem at once.”

Flash has fallen out of favor since 2010, when Apple Inc.’s Steve Jobs wrote an open letter about its technical drawbacks, barring Flash from the iPad and iPhone.

Although Adobe quickly issued a patch to fix the problem, Hacking Team’s internal memos describe the flaw as “the most beautiful Flash bug for the last four years,” suggesting it had been known about — and used — for some time previously. Adobe said last week that it fixed some vulnerabilities with its video player that, if exploited, “could cause a crash and potentially allow an attacker to take control.” In January, Google Inc.’s YouTube started defaulting to HTML5 for videos instead of Flash.

This is far from an isolated incident: two additional vulnerabilities for Flash were found in the same 400GB trove in the following days, and earlier this year, Adobe was forced to release emergency security updates in both February and January. This seemingly unending list of vulnerabilities is why individuals like Stamos have turned against Flash, but the industry’s ire against the software is nothing new. Adobe has scrambled to fix problems as they have become public, but the web’s biggest companies have slowly withdrawn support from the software over the past few years. YouTube dropped Flash as its default player in favor of HTML5 in January, and Chrome now intelligently pauses instances of Flash video on its pages — even Adobe stopped active development of Flash Player for mobile in 2011, recognizing it as inferior to HTML5.